Like many others it took me some time to figure out how to have a working Docker-CE installation inside an unprivileged LXC container created on my Proxmox server. I currently run Proxmox v.5.3-6.

I considered that it might be interresting to summarize my thoughts with others in search of a similar config. So here is how Docker-CE was successfully installed for me on Ubuntu 16.04, Ubuntu 18.04 and Debian 9.6.

create an unprivileged LXC container in Proxmox based on the the template of your choice

apt-get update & apt-get upgrade (eventually 2x if you get an « unable to fetch some archives… » message in the end)

Now the docker daemon should be OK ; it’s time for the second error: docker run hello-world returns an error « mounting proc to rootfs…permission denied »

Fix it (trick #2) by inserting manually a line containing the following :

features: keyctl=1,nesting=1

in the config file of your LXC as documented in this Proxmox doc 42. In Proxmox you find the LXC config here: /etc/pve/local/lxc/<container_id>.conf So you have to do it via an SSH connection directly into your Proxmox host.

stop/start the LXC container

docker run hello-world gives you « Hello from Docker ! » now.

Enjoy!

However I can hardly appreciate whether “keyctl=1,nesting=1” could be regarded as a security concern of not. Maybe Stéphane can provide some light on this question.